There are three streams/tracks in the programme which indicate how the
subject will be handled, so that you can pick sessions to suit your
requirements. This conference programme is designed to have something for
everyone!

ACTIONS

These sessions are all about practical advice and key technical aspects
of business continuity and resilience. This stream includes lots of ‘how
to’ and will help develop skills and methodology that can be utilised as
soon as you get back to work!

APPROACHES

This stream is for shared experiences, case studies and reviewing current
practices with an eye on improvement and consolidation. You will hear lots
of excellent personal stories, consider the challenges facing the modern
resilience professions and hear some expert views.

ASPIRATIONS

This is a stream that is intended to move thinking and discussion beyond
the immediate future and will include some robust debate! The intention is
to provide programme space for thought leadership and to welcome the
opportunity to consider where resilience is heading.

11.00 - 11.50

Actions

Terrorism poses a dynamic and diverse set of threats to businesses.
Moreover, information on current and future terrorist threats is often
unverified, incomplete or contradictory, which complicates efforts to
accurately assess the risks. Nevertheless, many businesses are obliged to
evaluate their exposure to terrorist attack, at minimum to fulfil their
duty of care responsibilities to their employees and for some businesses,
to satisfy regulatory requirements. In some businesses, the task of
assessing the threat and designing an appropriate response falls to a
business continuity manager.

In this presentation, attendees will hear about techniques that they
could apply to monitor changes in the terrorism threat to their business.
Attendees will then hear how the outputs from this activity can be used to
inform the design of credible threat scenarios that underpin exercises
intended to validate businesses' continuity plans. Finally, attendees will
hear about best practice for conducting terrorism scenario-based exercises
to validate their business continuity plans.

Approaches

Conversations in a Crisis - transforming informal conversation and
sentiments into invaluable data and solid strategies

From
the down to earth perspective of crisis advisors activated in acute
situations, Stijn and Tim will share insights into complex yet crucial
interactions between organisations and the chaotic so called “crisis
landscape” of stakeholders.

By focusing on the right issues even at a time when no definite answers
are available yet, teams can establish their place as a trusted
information source in the difficult crisis communication arena.

The presentation will encompass:

- Gaining and maintaining the trust of those affected by a crisis by swift
and efficient techniques driven by perception, human elements and
sentiment analysis.
- Demonstrating practical insights and cases from various angles such as
the Belgian Federal Crisis Center during the Brussels terrorist attacks.
- Sharing lessons learned from thought provoking examples after a decade
of experience on the “hot seat” as strategic advisors for companies and
governments facing different types of crises and business continuity
challenges.
- Examples that demonstrate the art of collecting and processing vast
amounts of conversational data generated by the people affected during a
fast evolving crisis. While these data are hardly useful in raw and
unstructured form, techniques will be discussed to reshape and enrich
these data into a stream of knowledgeable and insightful information,
enabling crisis teams to apply better “informed decision making”

Join Stijn and Tim as they consider how organisations can be effective
communicators even when finding themselves in the head of the storm,
always prepared to put a high performing team in place when the rubber
meets the road.

Approaches

What we wish we’d known a year ago

John DiMaria, Global Product
Champion for Information Security and Business Continuity, BSI

Every
day BSI’s business continuity experts are out engaging with different
organizations – from our 11,000 committee members, including
professionals, industry bodies, and consumers, to training course
delegates and our assessments clients. We will share some of the key
successes our clients achieve when they put business continuity at the
heart of their operations, including:

- insight and trends on the common questions that arise and challenges we
see them address
- key learnings that we wish we knew a year ago
- what we see ahead for BCM in 2018
-
core elements of business continuity will help your organization to be
more resilient

Aspirations

Details make the design - delivering a resilient hybrid cloud

Cloud is no longer a question of “if” but a reality of 'how” and “when.”
This is abundantly evident in the countless surveys illustrating
C-Level near-term spend in cloud migration and hybrid cloud investment.
Cloud may be anathema to the cost increase and resource constraint
problems of the past, but it is not the magic pill that will solve the
always-on demands and complexity of today’s world. Often over-looked
are the potential pitfalls of cloud migration and adoption when undertaken
without properly determining the impact across the enterprise, in
particular infrastructure readiness and application resiliency.

Experienced Business Continuity Management professionals are no doubt
asking: How does business continuity fit into the new era of hybrid cloud?
How will the role of the Business Continuity Manger change?
What do successful businesses need to consider when reviewing
enterprise Resiliency across an enterprise where critical workloads and
processes run across traditional data centers and cloud environments? How
does this shift to hybrid cloud change real-world processes, plans,
resources, and actions that are vital for recovery - and this in an era
where unplanned outages from cyber incidents or natural disasters can be
catastrophic for your business reputation and brand? To ensure real
business resiliency, it is imperative that the importance of the fine
detail does not get lost in the simplicity of the cloud message.

In this session, Allen Downs will:
• Highlight the real-world questions an
enterprise needs to consider when moving to the cloud
• Illustrate various considerations and
recovery requirements for a successful migration to cloud
• Evaluate the importance of having application
resiliency in enterprise hybrid cloud deployment
• Discuss how the increase in cyber-incidents
is changing the way we must THINK and prepare for resiliency
• Share best practice of a holistic resiliency
approach in the hybrid cloud world

Resiliency is playing an even greater role in this new era of computing.
Anyone whose role is in BCM, security or risk management should join
this informative session to hear about IBM’s experiences in helping
clients across different industries prepare for a successful journey to
the world of hybrid cloud.

Actions

Risk Management and Business Continuity Working Together To Address
Common Objectives

When done correctly, the business impact analysis (BIA) serves as a
foundation process for business continuity and resilience managers to
determine and seek endorsement of business continuity requirements.
However, starting from scratch is often unnecessary and doing the work in
a silo is unacceptable. Have you considered the wealth of information
already collected and analysed by your organization’s risk management
function? And have you ever considered the value of the BIA and risk
assessment outcomes to the risk management function? Join Brian Zawada as
he explains why it is so important for risk managers and business
continuity professionals to collaborate and coordinate their work, and how
organizations of all sizes can share information to manage a broad range
of risks as well as bring efficient clarity to the BIA and other business
continuity planning efforts. Key takeaways include:

- How risk management activities that already exist within an
organization can be used to reduce the burden when performing the BIA and
risk assessment process
- How to set up longer term collaboration with the risk management
function to drive a higher level of resilience – that is to say the sum of
the parts is stronger than the individual efforts.

Approaches

Terrorism and the challenges for continuity in context of Metro Trains,
Melbourne

The presentation explores the dynamic and constantly shifting threat
environment and the challenges faced by government and business.
Using case studies from Metro Trains Melbourne, various aspects of the
terrorist threat will be examined, including:

- The proliferation of 'lone actor' attacks; rapid radicalisation through
the internet; 'crowd sourcing' terrorism.
- Prevailing tactics: Sophisticated coordinated attacks remain a threat,
(IED/ VBIED/ armed attack/ mixed mode), in addition to basic attack
methodologies, (hostile vehicles, edged weapons, fire): A transition away
from suicide attacks; the desire to get away, causing confusion/ community
anxiety.
- The challenge faced by law enforcement and intelligence agencies in
determining what information to distribute to operator communities: The
thirst for knowledge vs the risk of 'cry wolf' and complacency
- Relationships with authorities/ law enforcement agencies: The role of
organizations in the police response operation
- The need for robust planning arrangements, Case studies of multi agency
terrorism exercises conducted between surface transport operators and
Victoria Police.

Approaches

This is a BBC Continuity Announcement

The BBC is a unique organisation with a mission set out in a Royal
Charter to enrich people's lives with programmes and services that inform,
educate and entertain. This means providing music, entertainment and
news globally via multiple media platforms including television, radio,
websites and on-demand online services. Chris Moore’s team provide
business continuity services across the network, ensuring the BBC’s people
are kept safe and the organisation can continue to provide key services to
the public on air and on line. Delivering emergency planning and
continuity services inside a public broadcasting service brings its own
special challenges – not least being surrounded by inquisitive journalists
and programme makers always with an eye out for a good story!

Chris will share his experience of running continuity for a high profile,
world leading Broadcasting Corporation that is always on, all over the
world.

Aspirations

Is convergence already dead?

According to some, we are in the midst of the fourth industrial
revolution, where the convergence of artificial intelligence, robotics and
human endeavour are reaching towards new possibilities. Come and hear this
fascinating directed conversation between Martin Caddick and Luca Tenzi,
in which they will consider to what extent convergence has
progressed.

Actions

Leveraging country risk intelligence to take a proactive approach to
managing business continuity risks in your supply chain

Manufacturers spend years and ample resources building and preparing their
global operations to respond and recover quickly in the event of a disaster
or supply chain disruption. Natural and man-made disruptions are predictive
and can be mitigated before they have a chance to severely impact the supply
chain and a company's bottom line. Leveraging country risk intelligence on
business continuity risks, such as natural disaster exposure and resiliency,
strikes and protests, political, economic and financial stability, across
the globe enables a proactive approach to understanding supply chain
disruption, rather than in a reactive, crisis management approach.

Being aware and prepared is what makes an organization resilient. Join us to
learn more about how to:
- proactively identify threats utilizing intelligence
based solutions
- leverage intelligence to make informed and strategic
decisions
- Utilize that information to build a more resilient
supply chain

Our workshop will provide insight into high risk countries and an overview
of BSI’s analysis and proprietary data.

Approaches

How GDPR is reinforcing Business Continuity and Resilience

This presentation will introduce the EU GDPR (General Data Protection
Regulation) main concepts and will explain how GDPR and Business
Continuity are strongly linked.

The General Data Protection Regulation is the most significant
development in data protection that Europe, possibly the world, has seen
over the past twenty years. Unsurprisingly GDPR is designed to better take
into account modern technologies, the way we work with them today and are
likely to work in the future.

To reinforce this regulation, penalties for a violation of the GDPR are
substantial as the Regulators can impose fines of up to 4% of total annual
worldwide turnover or 20 million euros. This regulation will apply
directly in all (28) EU Member States from 25 May 2018 and is on the
agenda of all CEO.

This new regulation requests every organization to be accountable for the
data protection of their information, where the security, confidentiality,
integrity, availability and resilience of processing systems and services
must be ensured.

Marc will zoom on the main GDPR concepts, establish a link with the BC
practices and explain why Data Protection Officers and Business Continuity
Managers should work together.

There are indeed many opportunities for collaboration and reuse of best
practices.

Approaches

Crisis Management Workshop : Bad Things happen to Good Companies

All organizations, businesses and companies are at risk of a crisis
situation and crises are a part of doing business. Handled well, they
demonstrate to a company's stakeholders that the business puts people
before profits, truth before denial and spin. When a crisis is handled
poorly, it can escalate to a point of no return.

What a company says and how it reacts and respond in a crisis will either
instil confidence and trust or irreparably damage relationships and
business dealings. This is key in an interconnected world, where companies
have to respond to the perceptual and reality challenges that a crisis
brings in real-time. A 24 hour – always-on news world.
Regardless of a businesses’ size, reputation or industry, crises cause
immense pressure threatening a company’s reputation and its ability to
conduct business. Being prepared is therefore a vita strategy that may
help eliminate stress and chaos during a real life crisis situation and
will allow the company to act and respond to deliver to their stakeholders
and the media, in real- time.

The key to handling crises is to always be ready ahead of time for the
storm that is always on the horizon. Professor Ian Mitroff, who for more
than 20 years headed up the Institute for Crisis Management facilitated a
crisis management workshop in New York about two weeks before 911
happened. Most of the executives present, represented multi-national
companies. In compiling likely risks, car bombs featured at the top of the
list. However no one mentioned "flying bombs". Mitroff goes on to say that
something is lacking, and that "That something is our ability to think
comprehensively about crisis".

During this, workshop key ideas will be shared that will enable you to
think more comprehensively about crises and plan your real-time responses.

Aspirations

Panel Discussion; Where does Work Area Recovery go from here?

Work Area Recovery has its roots in the early days of Business
Continuity, following a realisation that simply recovering IT systems was
completely insufficient! The concept matured to become a foundation of
many organizations’ recovery strategies. Today we are riding the wave of
revolution in technology, in service level expectations and in the shape
of the workforce we are responsible for.

Join this fascinating and friendly panel discussion chaired by Richard
Bale between key suppliers in the field about where we actually
stand right now in Work Area Recovery and where the challenges and
opportunities lie ahead for suppliers and clients alike.

Leveraging country risk intelligence to take a proactive approach to
managing business continuity risks in your supply chain

Approaches

Goodbye Functions, Hello Resilience Capabilities!

For many years, risk, compliance and resilience professionals working in
the 2nd Line of Defence (LoD) have worked in silos in terms of how they
structure, resource and manage the frameworks, programmes and reporting
outputs for which they are responsible.

This presentation will demonstrate how this traditional "functional"
approach to resilience creates barriers to success.

Using an illustration of the traditional functional approach to cyber
resilience, delegates will be able to determine for themselves the extent
to which their organizations experience these challenges.

Attendees will be encouraged to consider how to move away from the
traditional functional approach to resilience and move towards an
enterprise-wide approach that centres upon "capabilities" and the
supporting subject matter experts required to build, verify and track
them.

Approaches

Don’t be afraid to be different!

A fascinating case study in employing a ‘start again’ fresh approach to
implement a robust and encompassing business continuity programme within a
large global organization undergoing significant changes and growth.

Hear about the stages of development and the challenges faced by an
organization during a period of great upheaval following business
divestitures and a major global merger, with a historically unsuccessful
BCP program and limited organizational engagement. Felix and
Claire will discuss how these challenges were transformed into the
opportunities that led to the design and implementation of a new,
simple but effective common sense approach focused on business resilience
but taking into consideration key elements such as organizational
buy-in, business priorities, and employee/stakeholder
engagement. All this was accomplished with minimal business
disruption but still capturing the necessary and essential information to
produce solid plans. They will describe the successes that are
achievable when you understand your customer base, plan properly, involve
the right partners and keep the approach simple.

Aspirations

The spotlight’s on you! How decision making in a cyber crisis
affects C-level executive boards

Boards, management and regulators increasingly want assurance that the
organisation's response to a cyber crisis is sufficient, rapid and
effective, however more consideration needs to be given to the role these
governing bodies play during a cyber crisis. Do you feel confident that
your C-Suite realise how quickly things can go wrong once intrusion has
occurred and what impacts this may have across your business? You may know
what you need to do, but incident response by its very nature must include
decisions taken at the very highest level, particularly when reputation is
at stake… so most importantly: do you know if they are ready to respond?

Cyber incidents are not just about IT; the cyber threat presents
business-wide challenges for any organisation, and particularly for those
operating internationally, through many business units and brands, or
serving a wide spectrum of clients. Managing the business through this is
not an easy feat at a time when extremely sensitive and difficult
decisions need to be made on providing security, availability and
transparency to clients.

Driving on their personal experience of managing prolific cyber incidents
and conducting extensive and high profile post incident reviews, James
Campbell and Claudia van den Heuvel will discuss the psychological,
business, and technical elements that make an effective incident response
from senior executive level.
They will highlight what can go wrong when the most senior decision-makers
in an organization are not prepared, including the psychological elements
of asking your most senior leadership teams to take decisions on topics
which are the stuff of their nightmares and about which they have limited
technical knowledge, whilst under pressure from all sides.

Taking the audience through several war stories, James and Claudia will
discuss the wider business and reputational impacts incurred by
cyber-attacks, the key aspects senior leaders should consider in managing
an incident, and how business continuity and resilience professionals can
prepare the organization and the leadership teams for the
unexpected.

16.00 - 17.00

Actions

Fire & Rain: Managing Invocations

The presentation will bring the audience through an invocation from the
initial phone call, setting up the recovery site to recovery back to
normal operations, using four specific real-life examples.

Key areas to be covered are:

- First actions and areas of risk that might derail the invocation
- Areas of focus during an invocation, including roles &
responsibilities
- The role of the BCM Manager
- Managing day to day operations in the recovery site
- Involving key stakeholders
- How an invocation can improve your existing BC process

Approaches

Tales from the Trenches, Two case studies from the New Zealand Kaikoura
Earthquakes 2016

Shake, Rattle, Roll & Resilience

At midnight on 14 November 2016 there was a severe earthquake in
Kaikoura, New Zealand. Rupturing surged north over 150-200 km, growing
more powerful as it jumped from fault to fault. It was one of the world's
largest earthquakes in 2016.

New Zealand’s capital city, Wellington, is 215 km from the epicentre of
the earthquake, yet many organisations were forced to invoked business
continuity arrangements.

The Parliamentary Counsel Office (PCO) drafts and publishes Bills (and
Acts) for New Zealand. When drafting legislation there is no wriggle room,
especially when the House is sitting. The show must go on, it's the law.

The Parliament Buildings were okay as they sit on base isolators, however
the adjacent Parliamentary Counsel's building was forced to close on the
first day. By day 2 we had managed to reopen on the lower floors and the
next day the House was sitting so we had to be ready for business as
usual. This case study details how the Incident Management Team ensured
the Parliamentary Counsel could return to its usual operations within two
days of the incident and details the biggest challenges we faced.

Faulty towers: the creeping crisis of 2016-17

Unexpectedly, following the Kaikoura earthquake, the city was not in
ruins. Electricity, potable water, waste water, communications, and
transportation networks were up and running as normal within hours of the
earthquake. The central business district opened within 24 hours. Children
returned to school, neighbours to work, libraries, parks, or universities.

However, from 23 November 2016 many IR employees could not go to work. At
least, not work as they knew it. Staff were evacuated from various
buildings as engineers identified structural instability in stairwells,
columns, and sub-floors.

The partial collapse of a ‘modern building’ on reclaimed land in the CBD
triggered calls for a review of the building code, and requirements for
the invasive testing of 80 buildings throughout the city. Reassuring staff
of the safety of their working environments and the integrity of the
organisations decision-making became a major challenge.

This case study explores the challenges and opportunities identified by
the Crisis Management Team in various areas including: Critical Functions,
Customers, Technology, Information/Data, Facility Access, Health &
Safety, and Communications. The presenter will also touch briefly on the
realities of adjusting from an emergency response mind-set to crisis
management.

Aspirations

Panel Discussion – the future of business continuity methodology

Join a panel to discuss how business continuity is changing and what, if
anything needs to change in our thinking in order to remain relevant and
resilient.

This panel has been convened to spark robust discussion and views
provided are the panellist’s own; not necessarily the BCI’s.

17.00Close of day 1

19.00 - 00.00Gala
Dinner & Awards Ceremony (ticketed event)

Quick links...

Next Event

BCI World 2017 November 2017London, UK

About us

BCi World is organized by the Business Continuity Institute. Established in 1994, the BCI has established itself as the leading membership and certifying organization for Business Continuity professionals worldwide. Stay connected with us: